dri-devel.lists.freedesktop.org archive mirror
From: Dmitry Vyukov <dvyukov@google.com>
To: David Herrmann <dh.herrmann@gmail.com>
Cc: syzkaller <syzkaller@googlegroups.com>,
	Daniel Vetter <daniel.vetter@ffwll.ch>,
	David Airlie <airlied@linux.ie>,
	"dri-devel@lists.freedesktop.org"
	<dri-devel@lists.freedesktop.org>,
	LKML <linux-kernel@vger.kernel.org>
Subject: Re: drm: GPF in drm_getcap
Date: Sat, 26 Nov 2016 19:07:31 +0100
Message-ID: <CACT4Y+ZKF10qvF-8+_2_EVyeydLxJaPjtkxoSKVesC7Vhdd6uw@mail.gmail.com>
In-Reply-To: <CANq1E4RYnkmXHdw2W7nXmi_YFbX1LwVN_93cgWCBiao7H9ZLSQ@mail.gmail.com>

grep "card0" dmesg:
[    5.298617] device: 'card0': device_add
[    5.298946] PM: Adding info for No Bus:card0
[    6.436178] device: 'card0': device_add
[    6.436488] PM: Adding info for No Bus:card0


# ls -l /dev/dri/card0
crw-rw---T 1 root video 226, 0 Nov 26 18:05 /dev/dri/card0

# ls -lt /sys/class/drm/card0/device/
ls: cannot access /sys/class/drm/card0/device/: No such file or directory

# ls -lt /sys/class/drm/card0/device/driver
ls: cannot access /sys/class/drm/card0/device/driver: No such file or directory


On Sat, Nov 26, 2016 at 7:02 PM, David Herrmann <dh.herrmann@gmail.com> wrote:
> Hi
>
> On Sat, Nov 26, 2016 at 6:50 PM, Dmitry Vyukov <dvyukov@google.com> wrote:
>> On Sat, Nov 26, 2016 at 6:35 PM, David Herrmann <dh.herrmann@gmail.com> wrote:
>>> Hi
>>>
>>> On Sat, Nov 26, 2016 at 6:17 PM, Dmitry Vyukov <dvyukov@google.com> wrote:
>>>> On Fri, Sep 9, 2016 at 1:56 PM, Dmitry Vyukov <dvyukov@google.com> wrote:
>>>>> Hello,
>>>>>
>>>>> The following program triggers GPF in drm_getcap:
>>>>>
>>>>> // autogenerated by syzkaller (http://github.com/google/syzkaller)
>>>>> #include <fcntl.h>
>>>>> #include <stddef.h>
>>>>> #include <stdint.h>
>>>>> #include <sys/ioctl.h>
>>>>> #include <sys/stat.h>
>>>>> #include <sys/syscall.h>
>>>>> #include <sys/types.h>
>>>>> #include <unistd.h>
>>>>>
>>>>> int main()
>>>>> {
>>>>>   int fd = open("/dev/dri/card0", O_RDONLY);
>>>>>   uint64_t data[2] = {0x11, 0x80};
>>>>>   ioctl(fd, 0xc010640cul /*DRM_IOCTL_GET_CAP*/, data);
>>>>>   return 0;
>>>>> }
>>>>>
>>>>>
>>>>> general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN
>>>>> Modules linked in:
>>>>> CPU: 1 PID: 5745 Comm: syz-executor Not tainted 4.8.0-rc5-next-20160905+ #14
>>>>> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
>>>>> task: ffff8800310dc540 task.stack: ffff88003cbc0000
>>>>> RIP: 0010:[<ffffffff834ca87b>]  [<ffffffff834ca87b>]
>>>>> drm_getcap+0x34b/0x4f0 drivers/gpu/drm/drm_ioctl.c:260
>>>>> RSP: 0018:ffff88003cbc7c28  EFLAGS: 00010202
>>>>> RAX: 0000000000000058 RBX: ffff88003cbc7cf8 RCX: ffffc90001db0000
>>>>> RDX: 000000000000005d RSI: ffff88003cbc7cf8 RDI: 00000000000002c0
>>>>> RBP: ffff88003cbc7c50 R08: ffffed0007978fa1 R09: ffffed0007978fa0
>>>>> R10: ffff88003cbc7d07 R11: ffffed0007978fa1 R12: fffffffffffffff0
>>>>> R13: dffffc0000000000 R14: ffff88003bcc6850 R15: fffffffffffffff2
>>>>> FS:  00007fcbf4e03700(0000) GS:ffff88003ed00000(0000) knlGS:0000000000000000
>>>>> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>>>>> CR2: 00000000006dce00 CR3: 0000000066135000 CR4: 00000000000006e0
>>>>> DR0: 000000000000001e DR1: 000000000000001e DR2: 0000000000000000
>>>>> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
>>>>> Stack:
>>>>>  ffff88003c26db00 ffff88003cbc7cf8 ffffffff875a3000 ffffffff88cf0ee0
>>>>>  fffffffffffffff2 ffff88003cbc7dc0 ffffffff834cb57c 000000000000e200
>>>>>  1ffff10000000001 ffffffff875a1ba0 ffffffff882ae930 0000000000000010
>>>>> Call Trace:
>>>>>  [<ffffffff834cb57c>] drm_ioctl+0x54c/0xaf0 drivers/gpu/drm/drm_ioctl.c:728
>>>>>  [<     inline     >] vfs_ioctl fs/ioctl.c:43
>>>>>  [<ffffffff818a331c>] do_vfs_ioctl+0x18c/0x1080 fs/ioctl.c:675
>>>>>  [<     inline     >] SYSC_ioctl fs/ioctl.c:690
>>>>>  [<ffffffff818a429f>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:681
>>>>>  [<ffffffff86e1a8c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
>>>>> Code: 3c 28 00 0f 85 88 01 00 00 49 8b 44 24 10 49 39 c6 4c 8d 60 f0
>>>>> 74 82 e8 64 19 10 fe 49 8d bc 24 d0 02 00 00 48 89 f8 48 c1 e8 03 <42>
>>>>> 80 3c 28 00 0f 85 6f 01 00 00 4d 8b bc 24 d0 02 00 00 49 8d
>>>>> RIP  [<ffffffff834ca87b>] drm_getcap+0x34b/0x4f0 drivers/gpu/drm/drm_ioctl.c:260
>>>>>  RSP <ffff88003cbc7c28>
>>>>> ---[ end trace c6e1afa8cd73b880 ]---
>>>>>
>>>>>
>>>>> On commit 4affa544adb8077403893e62b9e327fcf87de6f7 (Sep 8) of linux-next.
>>>>
>>>> ping
>>>>
>>>> Still happens on 16ae16c6e5616c084168740990fc508bda6655d4 (Nov 24).
>>>
>>> I suspect this is because we run drm_for_each_crtc() in
>>> drm_getcap(DRM_PAGE_FLIP_TARGET) on a legacy driver (meaning
>>> mode_config is not initialized). @danvet, how about always
>>> initializing mode_config to 0/empty/dummy?
>>>
>>> Dmitry, what driver do you run this on? And is CONFIG_DRM_LEGACY enabled?
>>
>>
>> CONFIG_DRM_LEGACY is enabled.
>>
>> How can I understand what driver is used?
>> This happens inside of qemu. This is the device:
>> crw-rw---T 1 root video 226, 0 Nov 26 17:45 /dev/dri/card0
>
> Usually by looking into `dmesg` and grepping for 'card0', or by inspecting:
>
>     /sys/class/drm/card0/device/
>
> or more importantly looking at the symlink:
>
>     /sys/class/drm/card0/device/driver
>
> Thanks
> David
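Added example, not code from this thread or from the kernel tree: a small user-space model of the drm_getcap() path David describes above. The capability handler walks the CRTC list hanging off mode_config, but a legacy (non-KMS) driver never initialises mode_config, so the list head is still all-zero and the walk dereferences container_of(NULL). The guarded variant refuses the KMS-only cap on a non-KMS driver before touching any mode_config state, which is the shape of the follow-up patches in the thread overview. The list macros, the names prefixed MODEL_, struct model_dev and struct model_crtc are this example's own stand-ins, not the kernel's; the cap value 0x11 is the one the repro above passes.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Example-local list primitives in the style of <linux/list.h>. */
struct list_head { struct list_head *next, *prev; };
#define INIT_LIST_HEAD(h) do { (h)->next = (h); (h)->prev = (h); } while (0)
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))
#define list_for_each_entry(pos, head, member) \
	for (pos = container_of((head)->next, __typeof__(*pos), member); \
	     &pos->member != (head); \
	     pos = container_of(pos->member.next, __typeof__(*pos), member))

static void list_add_tail(struct list_head *n, struct list_head *h)
{
	n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n;
}

/* Model constants (this example's own): MODEL_DRIVER_MODESET stands in for
 * the feature bit a KMS driver sets; MODEL_ENOTSUPP is the kernel-internal
 * errno value named in the follow-up patch, which userspace <errno.h> lacks. */
#define MODEL_DRIVER_MODESET       0x1
#define MODEL_CAP_PAGE_FLIP_TARGET 0x11	/* the cap the repro above asks for */
#define MODEL_ENOTSUPP             524

struct model_crtc { struct list_head head; int has_page_flip_target; };
struct model_dev {
	unsigned int driver_features;
	struct { struct list_head crtc_list; } mode_config; /* KMS drivers only */
};

/* A legacy driver's device is zero-filled and mode_config is never set up,
 * so crtc_list.next stays NULL. list_for_each_entry() would then compute
 * container_of(NULL) and fault on the first field it reads, consistent with
 * R12 = fffffffffffffff0 (NULL minus the list member's offset) in the oops
 * above. Report that state here instead of dereferencing it. */
static int crtc_list_is_initialised(const struct model_dev *dev)
{
	return dev->mode_config.crtc_list.next != NULL;
}

/* The walk as the pre-fix handler does it: nothing checks that mode_config
 * exists. Only safe once crtc_list has been initialised. */
static int getcap_unguarded(struct model_dev *dev, uint64_t cap, uint64_t *value)
{
	struct model_crtc *crtc;

	if (cap != MODEL_CAP_PAGE_FLIP_TARGET)
		return -EINVAL;
	*value = 1;
	list_for_each_entry(crtc, &dev->mode_config.crtc_list, head)
		if (!crtc->has_page_flip_target)
			*value = 0;
	return 0;
}

/* Shape of the fix: refuse a KMS-only cap on a non-KMS driver before any
 * mode_config state is touched. */
static int getcap_guarded(struct model_dev *dev, uint64_t cap, uint64_t *value)
{
	if (cap == MODEL_CAP_PAGE_FLIP_TARGET &&
	    !(dev->driver_features & MODEL_DRIVER_MODESET))
		return -MODEL_ENOTSUPP;
	return getcap_unguarded(dev, cap, value);
}

/* Constructed KMS device with two CRTCs; the second supports page_flip_target
 * iff second_supports is non-zero. Returns the cap value or a negative errno. */
static int demo_kms_page_flip_target(int second_supports)
{
	struct model_dev kms = { 0 };
	struct model_crtc crtcs[2] = { { .has_page_flip_target = 1 },
				       { .has_page_flip_target = second_supports } };
	uint64_t value = 0;
	int ret;

	kms.driver_features = MODEL_DRIVER_MODESET;
	INIT_LIST_HEAD(&kms.mode_config.crtc_list);
	list_add_tail(&crtcs[0].head, &kms.mode_config.crtc_list);
	list_add_tail(&crtcs[1].head, &kms.mode_config.crtc_list);
	ret = getcap_guarded(&kms, MODEL_CAP_PAGE_FLIP_TARGET, &value);
	return ret < 0 ? ret : (int)value;
}

/* Constructed legacy device: static storage, so zero-filled like a freshly
 * allocated device, with mode_config never touched. */
static struct model_dev legacy_dev;

static int demo_legacy_list_initialised(void)
{
	return crtc_list_is_initialised(&legacy_dev);
}

static int demo_legacy_page_flip_target(void)
{
	uint64_t value = 0;
	return getcap_guarded(&legacy_dev, MODEL_CAP_PAGE_FLIP_TARGET, &value);
}

int main(void)
{
	printf("KMS, all CRTCs support target flips: value=%d\n",
	       demo_kms_page_flip_target(1));
	printf("KMS, one CRTC does not: value=%d\n", demo_kms_page_flip_target(0));
	printf("legacy: crtc_list initialised=%d, guarded getcap ret=%d\n",
	       demo_legacy_list_initialised(), demo_legacy_page_flip_target());
	return 0;
}
```

The unguarded handler is deliberately never called on the legacy device in this program; doing so is the crash the repro triggers, and the only safe thing a handler can do with an uninitialised mode_config is to decide, from the driver's features, not to walk it at all.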

Thread overview: 21+ messages
2016-09-09 11:56 drm: GPF in drm_getcap Dmitry Vyukov
2016-11-26 17:17 ` Dmitry Vyukov
2016-11-26 17:35   ` David Herrmann
2016-11-26 17:50     ` Dmitry Vyukov
2016-11-26 18:02       ` David Herrmann
2016-11-26 18:07         ` Dmitry Vyukov [this message]
2016-11-26 18:22           ` David Herrmann
2016-11-28  6:55             ` Daniel Vetter
2016-11-28  7:14               ` Michel Dänzer
2016-11-28  8:41                 ` Dmitry Vyukov
2016-11-30  8:30                   ` [PATCH 1/2] drm: Don't call drm_for_each_crtc with a non-KMS driver Michel Dänzer
2016-11-30  8:30                     ` [PATCH 2/2] drm: Return -ENOTSUPP when called for KMS cap " Michel Dänzer
2016-11-30  9:07                       ` Daniel Vetter
2016-11-30 17:21                         ` Alex Deucher
2016-12-01  7:35                         ` Michel Dänzer
2016-12-01  7:37                         ` [PATCH v2] " Michel Dänzer
2016-12-01 14:46                           ` Alex Deucher
2016-12-05  8:05                             ` Daniel Vetter
2016-12-01 15:21                           ` Sean Paul
2016-12-01 15:23                             ` Daniel Vetter
2016-11-30  9:13                     ` [PATCH 1/2] drm: Don't call drm_for_each_crtc " Daniel Vetter